No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I've added the dependsOn attribute to the distribution so it depends on both the certificate and its validation, but that doesn't seem to change the behavior.

Possibly related: <https://github.com/pulumi/pulumi-aws/issues/1023>

I have a module that creates ACM and Cloudfront, I did not notice this problem. Except it sometimes created 2 certs and then removed one.

What resources that require replacement are you updating?

<https://github.com/hashicorp/terraform/issues/18997>

<@U025964HAJH> thanks for the response. I'm basically updating the domain name which requires certs and route 53 records to be replaced, and triggers a number of other updates. I'm working on a small example that can reproduce the problem now so I can share it

Well I made this stack, which is almost exactly the same as my stack, and the domain update behaved exactly as it was supposed to. So I must have something borked in the state of things. I'm probably just gonna destroy and start over from scratch. Thanks for looking at this <@U025964HAJH>, I appreciate it.

<https://github.com/cwinters8/pulumi-aws-cloudfront-cert-example>

Thanks. I will take a look as soon as I can because I could be affected by this as well

I had to vipe the state few times as well. It did not give me much confidence. Maybe worth exploring the state file before you destroy it